a) i think this is wryly amusing, but because of the circumstances not the people suffering

b) i'm not sympathetic towards Parler in any way

c) nonetheless, this demonstrates a very big human problem for "something you know"-based authentication.
For anyone who does not recognise the reference: Wikipedia
en.wikipedia.org/wiki/Multi-fac… Image
The most egregious example of password-bansturbation that I know of, comes from the French data protection regulator @CNIL; take a look at this nightmare and imagine helping someone less capable navigate it: Image
If you want to read the glorious thing yourself: cnil.fr/sites/default/… (PDF)

More from @AlecMuffett

26 Sep
@OpenRightsGroup @jimkillock @Forbes @bazzacollins @Facebook @FBoversight Oh @jimkillock - I wish you had pinged me before writing this.

Obvious reason number 1: ranking the relationships between individuals so that you can show the user updates from people you interact with more often.
@OpenRightsGroup @jimkillock @Forbes @bazzacollins @Facebook @FBoversight Obvious reason number two: search suggestions and repeated searches are a thing. There is already a button for clearing them, just like in your browser history.
@OpenRightsGroup @jimkillock @Forbes @bazzacollins @Facebook @FBoversight Observation number three: unless the user has explicitly opted into something which deletes chats after {1 minute, 1 hour, 1 day} etc, it would be rude to erase stuff - "where have my baby photos gone they were in that chat with my sister!?!", etc
24 Aug
I'm sorry to say "quelle surprise?" - precisely the same happened to the Facebook reporting mechanisms which (again) many people on (Twitter) demanded. :-/
Back in the 90's I worked for Company X, for whom Company Y was a key supplier.

X built a firewall with auto-block of src IPs upon attack (compare fail2ban)

BadGuyZ broke into Y & attacked X from Y's infra; the firewall blocked ALL X-Y comms & impacted N million dollars of biz.
"But we put these filters in for good reasons! Nobody could have foreseen this outcome!", etc… alas, no - censorship, blocking, & control systems ALWAYS have a nasty tendency to blow back in the faces of those who call for them.

We should collectively have learned this by now.
14 Aug
Earlier today I got a shout-out for a presentation that I did at "Access All Areas 2" in 1995 - a UK @defcon-alike organised by @mala and @FakeDaveGreen (IIRC?)

Thing is: I still have the talk online, and it's mildly significant.
The pitch was "INTERNET TOOL OF DOOM!" which was riffing on the "SATAN" hysteria of the year previous, and also my experience with publishing Crack, prior: Image
The attached are my speaker's notes, near verbatim, with some crappy 1996-era HTML added to infix the images and source code of the tools. Image
11 Aug
You can't make this stuff up: it appears that today's anti-Refugee flight out of @RAFBrizeNorton is a C130 doing low-level flying over pro-Brexit constituencies?

"Or it could just be a training flight", etc… Image
You have to applaud them for realising that the people who actually need a "show of strength" are [portion of] the British public who demand that "something needs to be done!" Image Image
The C130 has completed its grand tour of the south (including circuits over Salisbury Plain) and now has rather more reasonably been replaced by a less terrifying, more reasonable Shadow R1 surveillance aircraft at 17,000 ft, over Dover: Image Image
10 Aug
I hope that the @RAFBrizeNorton officers in #ZM413 are proud of themselves for being co-opted into harassing refugees mid-channel. #isThisWhatYouSignedUpToDo? Image
Seems like @BWallaceMP wants to be in on the victimisation process:
30 Jul
Statistics from 226599 DNS-over-HTTPS requests made to an upstream load-balanced group of 8 #DoH servers over Tor, by a DoHoT proxy, including responses served from local cache.

This includes what the proxy sees, not only what the user experiences. Image
More than 25% of requests are served back to the user from the cache.

In the event that the request needs to be sent upstream, the median response time back to the user is 241ms.

If we *remove* locally-cached responses, this is closer to what the raw proxy experiences: Image
So if you're just doing raw DoH over Tor and are round-robin-ing a pool of servers without caching or tracking response time, the median request time will be around 453ms and p90 will be 1153ms.

tl;dr - caching + load-balancing + tracking-speed, is essential.

Here's the pool: Image